Manage TLS (SSL) certificates for a CDN resource

Last update: May 27 2025

Manage TLS (SSL) certificates for a CDN resource

TLS(SSL)-certificate is a unique digital signature of a website. TLS(SSL)-certificate is required for a secure connection between the client and the server (HTTPS protocol) when transmitting confidential information and conducting financial transactions.

Types of TLS(SSL) Certificates⁠

	Let's Encrypt®	Personal
Domains	All CDN resource domains	Personal domains of the resource, which are specified in the certificate
Management	You can't control	Disconnect Make active Delete
Update	Automatically	Manually

Let's Encrypt® Certificate⁠

A Let's Encrypt® certificate is automatically issued when you create a Selectel CDN resource and applies to all default and personal domains connected to the resource.

Let's Encrypt® certificate has the following properties:

• certificate cannot be deactivated or deleted, only replaced with a personal certificate;
• A CDN resource can have only one valid Let's Encrypt® certificate;
• the certificate does not need to be manually renewed, it is automatically reissued when it expires.

For more information about Let's Encrypt® certificate limits, see Rate Limits of Let's Encrypt® documentation.

Personalized certificate⁠

If you have your own TLS(SSL)-certificate, you can add it to the CDN resource as a personal certificate.

The certificate must specify the personal domains of the resource through which you want to distribute content over HTTPS.

Only one TLS(SSL) certificate can be active in a CDN resource. Domains that are not specified in the personal certificate will only receive content via HTTP.

If you remove the personal certificate, a Let's Encrypt® certificate is automatically issued for the share.

Add a personalized certificate⁠

1. In the Control Panel, on the top menu, click Products and select CDN.

2. Open the CDN resource page → Certificates tab.

3. Click Add Certificate.

4. Open the Personal tab.

5. Insert the certificate for the domain. It must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

   If you want to add multiple certificates, make sure that all certificates (the primary certificate for the domain, the intermediate certificates, and the root certificate) create a complete chain. The Issuer value of the primary certificate must match the Subject value of the first intermediate certificate, the Issuer value of  the first intermediate certificate must match the Subject of the second intermediate certificate, and so on.

6. Insert the private key. It must start with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----.

7. Click Add Personal SSL Certificate.